GNU bug report logs -
#50921
GNU ELPA TLS errors: server is returning chain with expired root
Previous Next
Full log
View this message in rfc822 format
John Cummings <john <at> rootabega.net> writes:
> John Cummings <john <at> rootabega.net> wrote:
>
>> It appears that elpa.gnu.org is returning a certificate chain referring
>> to a root certificate that expired today. (More info:
>> https://twitter.com/letsencrypt/status/1443621997288767491) I don't know
>> if GnuTLS is supposed to be able to work around this (Firefox seems to, for instance)
>
> One possibility (and note here that I'm clearly not a TLS expert) is that
> Firefox recognizes the intermediate cert "ISRG Root X1" as one that is also
> now a trusted root cert, and so short circuits the rest of the chain,
> ignoring the expired cross-signature. Is this something that is possible
> and desirable to have Emacs do with GnuTLS?
Not only that: I deleted the offending line from my ~/.ssh/known_hosts,
re-accepted the key as valid (of course I have no idea), and attempted
to pull, and it asked me for my Savannah password -- ie, did not go to
my local ssh key.
That really made me wonder -- does that mean we've switched machines
altogether, and the new machines don't have our public keys? I don't
know how all these things work well enough to know what's going on, but
it certainly seems broken.
This bug report was last modified 3 years and 231 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.